Use of Hard-coded Cryptographic Key

CVE-2021-43587

Medium

6.7/10

Summary

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-321 - Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

References

Advisory Timeline

Published Dec 21, 2021

Use of Hard-coded Cryptographic Key

CVE-2021-43587

Summary

CWE-321 - Use of Hard-coded Cryptographic Key

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS